Patching and Vulnerability Manager
Edinburgh, GB
Royal London
From Pensions to Retirement, Savings, Investments and Life Insurance, Royal London has been helping people plan for life’s financial milestones since 1861.
Job Title: Threat & Vulnerability Manager
Contract Type: Permanent
Location: Edinburgh or Alderley Edge
Working style: Hybrid 50% home/office based
Closing date: 28th April 2024
We’re expanding our security and resilience team within the CISO office. Over the last few years, we’ve been on a continuous improvement journey and are looking to expand the team. These new roles will allow us to fully enact our threat-led security program, drive further improvements across cyber and support our organisational goal of building a secure and resilient mutual. With a security team of over 50 already, these new roles will enhance our capabilities as the threat landscape continues to evolve.
We are seeking a highly skilled and experienced Threat and Vulnerability Manager to join Royal London. In this role, you will play a critical part in safeguarding our organisation against potential threats and vulnerabilities. Your expertise and strategic thinking will be essential in protecting our sensitive information and ensuring the overall security of our operations.
In this position, you will be responsible for the management of vulnerabilities across the Royal London estate. You will lead on the identification, prioritisation and remediation tracking of vulnerabilities to ensure that Royal London is securely maintained and operated in line with legislative, regulatory, and business security requirements. You will work closely with cross-functional teams to implement security measures and provide guidance on best practices. Additionally, you will stay up to date with the evolving threat landscape and proactively research emerging threats.
This is an excellent opportunity for a meticulous and results-driven professional with a strong background in cybersecurity. If you are enthusiastic about protecting sensitive information and have a proven track record of implementing effective security measures, we would love to hear from you.
About the role
- Oversee a team of patching and vulnerability analysts providing effective leadership and helping to navigate through senior management and business approvals, thereby ensuring vulnerabilities are managed appropriately and within documented SLAs. Provide guidance, support, and mentorship to foster professional growth and maximise individual and team performance.
- Management of all governance routines related to this key control
- Ensuring all vulnerabilities are triaged, prioritised, tracked, remediated, and managed appropriately within documented SLA and compensating controls identified and implemented where necessary.
- Provide metrics and reports with relevant narrative including updates and plans for remediation activities.
- Review and enhance processes and technologies used to support and execute the vulnerability management process.
- Operate collaboratively with other Security Leads and the wider IT team to triage and remediate security threats and vulnerabilities within SLA.
- Collaborate with the incident response team in investigating and responding to security incidents, providing expertise and support in the utilisation of security technologies to identify, contain, and remediate threats.
- Remain up to date on cutting-edge technology, threat landscape and vulnerability exploitation techniques.
- Ability to work in own team but also manage others from third parties.
About you
- Proven experience in vulnerability management and application security technologies. Experience leading a vulnerability management team preferable.
- Proficient in using vulnerability management tools such as Tenable, Kenna, Qualys, Rapid7 and Tanium
- Good understanding and practical experience of Cyber Security Frameworks and standards, e.g. NIST
- Strong understanding of information security concepts, technologies, and best practices
- Excellent problem-solving and analytical skills with effective communication and presentation abilities.
- Working knowledge of OWASP, MITRE, CVSS and other standards/frameworks relevant to vulnerability management
- Experience in managing risks and issues and implementing mitigation strategies.
- Ability to manipulate data, extract insight and provide reporting to key stakeholders for actionable tasks
- Previous experience of working within a regulated environment in the financial services industry desirable
- MS Excel and MS Power BI proficiency, preferable
- Relevant certifications (e.g., CISSP, CISM, CompTIA Sec+) are a plus.
About Royal London
We’re the UK’s largest mutual life, pensions and investment company, offering protection, long-term savings and asset management products and services.
Our People Promise to our colleagues is that we will all work somewhere inclusive, responsible, enjoyable and fulfilling. This is underpinned by our Spirit of Royal London values: Empowered, Trustworthy, Collaborate, Achieve.
We've always been proud to reward employees by offering great workplace benefits such as 28 days annual leave in addition to bank holidays, an up to 14% employer matching pension scheme and private medical insurance. You can see all our benefits here - Our Benefits
Inclusion, diversity and belonging.
We’re an Inclusive employer. We celebrate and value different backgrounds and cultures across Royal London. Our diverse people and perspectives give us a range of skills which are recognised and respected – whatever their background.